BlockAuth: A blockchain-based framework for secure vehicle authentication and authorization

Intelligent Transport System (ITS) offers inter-vehicle communication, safe driving, road condition updates, and intelligent traffic management. This research intends to propose a novel decentralized “BlockAuth” architecture for vehicles, authentication, and authorization, traveling across the border. It is required because the existing architects rely on a single Trusted Authority (TA) for issuing certifications, which can jeopardize privacy and system integrity. Similarly, the centralized TA, if failed, can cause the whole system to collapse. Furthermore, a unique “Proof of Authenticity and Integrity” process is proposed, redirecting drivers/vehicles to their home country for authentication, ensuring the security of their credentials. Implemented with Hyperledger Fabric, BlockAuth ensures secure vehicle authentication and authorization with minimal computational overhead, under 2%. Furthermore, it opens up global access, enforces the principles of separation of duty and least privilege, and reinforces resilience via decentralization and automation.

 Malicious User/Vehicle: Suppose a scenario where a malicious user/vehicle wants to get authentication by spoofing a legitimate user/vehicle ID.In the proposed framework "T.join" request consists of the user/vehicle platform hash and pseudonymous ID.The smart contract verifies the user's platform hash from his country's RCA.The RCA binds user/vehicle pseudonymous IDs with the user's platform hash during initial registration.As a result, it thwarts any attempt to initiate a spoofing attack.
 Malicious Service Provider: Suppose a scenario where a malicious SP intends to uncover the true identity of a user/vehicle.In the proposed framework users/vehicles provide their platform hashes and pseudonymous IDs to the SP for the purpose of authentication.The SP subsequently redirects the users/vehicles to their respective country's RCA for authentication, because it stores the real identity of the user/vehicle.As a result, the country RCA provides the stored platform hash of the user/vehicle.Therefore, it is impossible for SP to extract the genuine identity of the user/vehicle from the platform hash.
 DoS/DDoS Attack on Service Provider Authentication Service: Suppose a scenario where an attacker uses a compromised user/vehicle platform and initiates a DoS/DDoS attack to overwhelm the services of the SP.However, the compromised user/vehicle's current platform hash must be different from the hash stored with the user/vehicle's country RCA.This disparity allows SP to deny the malicious access request during the authentication process.As a result, this countermeasure prevents the attacker from initialing a DoS/DDoS attack.

Author action:
We updated the manuscript by adding Four new evaluation parameters i.e., separation of duty, least privilege principle, DoS/DDOS attack, and spoofing attacks are added to section 3.4 "comparative analysis", Table 6, on pages no.19 and 26.Moreover, section 3.3.2"Theat Models" is added on page no 19.
Reviewer#1, Concern # 5: The conclusions should explain the comparative results between the proposed and state-of-the-art methods.
Author response: Thank you for the kind comment.The conclusion section is updated.The updated conclusion is given below.
We proposed a BC-based cross-border vehicle authentication and authorization architecture.The proposed BlockAuth architecture consists of a BC network of CA nodes.The BC network authenticates and authorizes cross-border vehicles.The substitution of the centralized access control service outlined in the existing literature with BC technology mitigates the vulnerability that could result in system failure and various cyber-attacks like DoS and DDOS.Similarly, storing access control policies on the BC ensured the prevention of illegal authorization, thus enhancing the security and integrity of the framework.Unlike existing frameworks, the authorization service is enforced with separation of duty and least privilege principles to ensure that users are not granted more privileges than their necessary needs.Moreover, unlike conventional frameworks, BlockAuth allows user/vehicle authentication from his home country CA.Thus, ensures the protection of user/vehicle credentials.Furthermore, Hyperledger is used to implement the BlockAuth architecture.The BlockAuth ensures secure vehicle authentication and authorization with high throughput and minimal computational overhead, under 2 %.

Author action:
We updated the manuscript by modifying the conclusion section on page no.20.

Reviewer#1, Concern # 6:
The work is well written and well presented but needs to be proofread in English as it has some typos.
Author response: Thank you for the valuable suggestions.The proofread is performed and all typos are corrected.
Author action: We updated the manuscript by thoroughly performing proofreading and correcting all typos.
Reviewer#1, Concern # 7: Although the authors provide a contextualization of the problem in the introduction, it is not clear what the contribution of the article is.
Author response: Thank you for the valuable comment.The "Challenges", "Our Contributions", and "Significance of the Study" sections are added to the research article.These sections are given below.

Challenges
The following are the problems within the existing literature.
 A centralized trusted access control service is a single point of failure and has low resilience to different attacks.
 As a result of inadequate implementation of the separation of duty and least privilege principle, the users are granted excessive privileges.
 This trusted third-party service can perform illegal authorization by altering stored authorization policies  This trusted service can expose user credentials without user consent.

Our contributions
The following are the main contributions of this research study.
 The single trusted authentication and authorization service is substituted with BC because it can collapse the entire system and expose it to several attacks.
 The authorization procedure is strengthened with the implementation of the separation of duty and least privilege principle in the smart contract.
 Our proposed BlockAuth architecture stores authorization policies on the immutable ledger of the BC, effectively preventing any illegal authorization.
 The proposed BlockAuth architecture allows drivers/vehicles to get authentication from their parent countries, thus preventing credentials disclosure.

Significance of the Study
Collectively, the highlighted contributions hold immense practical implications.The replacement of the centralized access control service with BC technology mitigates the vulnerability that could potentially lead to the collapse of the entire system and susceptibility to various attacks.Similarly, storing authorization policies on the BC not only ensures that illegal authorizations are effectively prevented but also enhances the security and integrity of the system.Additionally, enabling authentication from parent countries ensures the privacy of credentials, effectively averting the risks associated with credentials disclosure.Thus, this research significantly advances the realm of authentication and authorization, offering enhanced security and efficiency for modern systems.
Intelligent Transport System (ITS) offers inter-vehicle communication, safe driving, road condition updates, and intelligent traffic management.This research intends to propose a novel decentralized "BlockAuth" architecture for vehicles, authentication, and authorization, traveling across the border.It is required because the existing architects rely on a single Trusted Authority (TA) for issuing certifications, which can jeopardize privacy and system integrity.Similarly, the centralized TA, if failed, can cause the whole system to collapse.Furthermore, a unique "Proof of Authenticity and Integrity" process is proposed, redirecting drivers/vehicles to their home country for authentication, ensuring the security of their credentials.Implemented with Hyperledger Fabric, BlockAuth ensures secure vehicle authentication and authorization with minimal computational overhead, under 2%.Furthermore, it opens up global access, enforces the principles of separation of duty and least privilege, and reinforces resilience via decentralization and automation.
 As a result of inadequate implementation of the separation of duty and least privilege principle, the users are granted excessive privileges.
 This trusted third-party service can perform illegal authorization by altering stored authorization policies  This trusted service can expose user credentials without user consent.

Our contributions
The following are the main contributions of this research study.
 The single trusted authentication and authorization service is substituted with BC because it can collapse the entire system and expose it to several attacks.
 The authorization procedure is strengthened with the implementation of the separation of duty and least privilege principle in the smart contract.
 Our proposed BlockAuth architecture stores authorization policies on the immutable ledger of the BC, effectively preventing any illegal authorization.
 The proposed BlockAuth architecture allows drivers/vehicles to get authentication from their parent countries, thus preventing credentials disclosure.

Significance of the Study
Collectively, the highlighted contributions hold immense practical implications.The replacement of the centralized access control service with BC technology mitigates the vulnerability that could potentially lead to the collapse of the entire system and susceptibility to various attacks.Similarly, storing authorization policies on the BC not only ensures that illegal authorizations are effectively prevented, enhancing the security and integrity of the system.Additionally, enabling authentication from parent countries ensures the privacy of credentials, effectively averting the risks associated with credentials disclosure.Thus, this research significantly advances the realm of authentication and authorization, offering enhanced security and efficiency for modern systems.control policies.Moreover, BC makes policy publication and enforcement obvious to all users.
Additionally, the main characteristics of the related literature discussed in the related works section are tabulated and compared with a proposed framework in Table 6, titled "Comparisons among Existing and BlockAuth architectures" Author action: We updated the manuscript by adding the "Challenges", "Our Contributions" and "Significance of the Study" sections in the "Introduction" section on pages no. 2 and 3. Additionally, a comparison between existing and proposed frameworks is added in Table 6, Section III, page no 26.
Reviewer#2, Concern # 4: The paper lacks a convincing theoretical framework, which is necessary to be considered for publication.
Author response: Thank you for the valuable comments.The theoretical framework is updated by modifying the "vehicle authentication and authorization" subsection to include the separation of duty and least privilege principles.Similarly, four axioms are added to clarify the working of the proposed framework.These axioms are given below.

Axiom 1:
Every vehicle possesses a distinct platform hash value, ensuring that no two vehicles share the same value.

Axiom 2:
If an attacker manages to infiltrate a vehicle's on-board units and installs malicious software, the resulting platform hash value will differ from the previously stored value.Consequently, the vehicle would be unable to successfully authenticate.

Axiom 3:
In the case of multiple policies for a vehicle, the policy with the least privilege will take precedence.

Axiom 4:
This axiom establishes the concept of separation of duty.When two policies present conflicting interests, the vehicle will grant authorization based on one of the policies.
Similarly, Algorithm 1 (smart contract operations) is updated according to the axioms given above.